General

  • Target

    BgxLoader.exe

  • Size

    356KB

  • Sample

    230529-tt44jsdb3z

  • MD5

    a76cd83e441767ddcec3cb1968ef2ea9

  • SHA1

    18e6f88dc281fbd802d717c27434c3f696ff046a

  • SHA256

    00698421b9308556993240b3560a6e85ecfc982467b72b9ccc5ec71f297ea59b

  • SHA512

    4b0ffc51be1512d70861b3441bc682570aaaa7fe36dbfe3def0cb74b9adb23fae254203bfd7b3caa335f5900c52dc825db8c94395892b850bf68f1becbe849bd

  • SSDEEP

    6144:Sfz1lIMaVvfDKcpcgCM1MBUB08Yv7E8o9p3i7B+:wPItR7Kcpcgv1n+vAJRik

Malware Config

Extracted

Family

redline

C2

5.42.65.101:40676

Attributes

  • auth_value

    c4cca4b82dd435b79cda31c2f661f1e7

Targets

    • Target

      BgxLoader.exe

    • Size

      356KB

    • MD5

      a76cd83e441767ddcec3cb1968ef2ea9

    • SHA1

      18e6f88dc281fbd802d717c27434c3f696ff046a

    • SHA256

      00698421b9308556993240b3560a6e85ecfc982467b72b9ccc5ec71f297ea59b

    • SHA512

      4b0ffc51be1512d70861b3441bc682570aaaa7fe36dbfe3def0cb74b9adb23fae254203bfd7b3caa335f5900c52dc825db8c94395892b850bf68f1becbe849bd

    • SSDEEP

      6144:Sfz1lIMaVvfDKcpcgCM1MBUB08Yv7E8o9p3i7B+:wPItR7Kcpcgv1n+vAJRik

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks